* Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself

when PAM is enabled, but relies on PAM to do it.
author: Colin Watson <cjwatson@debian.org> 2006-05-12 10:28:20 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-05-12 10:28:20 +0000
commit: e5825f76095e33e3e695f7b5f5f781d1564da846 (patch)
tree: b68a51251ab09bad8285aa09218d39bd5d20f945 /debian
parent: 693b8b58f12854583a60d3d91aa75307b4cddd85 (diff)
2 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 2c9da1e6d..69ab84fff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -44,6 +44,8 @@ openssh (1:4.3p2-1) UNRELEASED; urgency=low
    http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
    (closes: #352042).
  * debian/rules: Resynchronise CFLAGS with that generated by configure.
+  * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
+    when PAM is enabled, but relies on PAM to do it.
  * Rename KeepAlive to TCPKeepAlive in default sshd_config
    (closes: #349896).
  * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
diff --git a/debian/openssh-server.ssh.pam b/debian/openssh-server.ssh.pam
index ce33b9347..d34ee091c 100644
--- a/debian/openssh-server.ssh.pam
+++ b/debian/openssh-server.ssh.pam
@@ -1,5 +1,8 @@
 # PAM configuration for the Secure Shell service
+# Disallow non-root logins when /etc/nologin exists.
+auth       required     pam_nologin.so
 # Read environment variables from /etc/environment and
 # /etc/security/pam_env.conf.
 auth       required     pam_env.so # [1]
author	Colin Watson <cjwatson@debian.org>	2006-05-12 10:28:20 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-05-12 10:28:20 +0000
commit	e5825f76095e33e3e695f7b5f5f781d1564da846 (patch)
tree	b68a51251ab09bad8285aa09218d39bd5d20f945 /debian
parent	693b8b58f12854583a60d3d91aa75307b4cddd85 (diff)